-
The upcoming parsel 1.7.0 exposes, and flips, the lxml flag that controls the protection described [here](https://lxml.de/FAQ.html#is-lxml-vulnerable-to-xml-bombs), so it's now possible to scrape cert…
-
I think the following setting is missing from the plugin:
```
#
# -- [[ Collection timeout ]] --------------------------------------------------
#
# Set the SecCollectionTimeout directive from th…
-
Regarding the https://github.com/dslm4515/Musl-LFS/blob/eb647866a11fb81c419bf7cba06324f05b4dd833/doc/3-Chroot/022-Shadow#L13 there is another hidden potential mismatch between shadow and musl.
Curr…
-
Findings for SCA, Medium, [TheRedHatter/javagoof:todolist-core/pom.xml]:Denial of Service (DoS)
## Component Details
- **Exploit Maturity**: proof-of-concept
- **Vulnerable Package**: -
- **Current …
-
**Question**
Hello,
I would like to know if there is a way to benchmark code executed in a precompile prior to the pallet dispatch call.
For example in this [code](https://github.com/AstarNetwork…
-
Using Import for many network objects fails to properly import all data, created a false positive replace object scenario,
Both fail to properly import the 'name' and 'ospf area id' values, causin…
-
filter:
```
{
ids:[....],
authors: [...],
...
...
max_size:
}
```
This prevents the relay from sending events longer than the specified size in bytes. This is measured as the size of JSON …
-
```
Hi,
I've noticed a possible denial of service if a PuSH hub were to accept
'publish' notifications without authentication from the 'publisher'.
I understand these requests are only pings. My con…
-
👋 This dashboard summarizes my activity on the repository, including available improvement opportunities.
## Recommendations
_Last analysis: Feb 09 | Next scheduled analysis: Feb 13_
### Open
- h…